From 71aabd3d8ead20c5d1009892614b2c28124d25e9 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Tue, 15 Oct 2024 17:29:23 +0600
Subject: [PATCH] downgrade KSV117 severity from High to Medium

Signed-off-by: Nikita Pivkin
---
 avd_docs/kubernetes/general/AVD-KSV-0117/docs.md | 2 ++
 .../kubernetes/pss/baseline/12_privileged_ports_binding.rego | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/avd_docs/kubernetes/general/AVD-KSV-0117/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0117/docs.md
index a563b5ba..bdb8da60 100644
--- a/avd_docs/kubernetes/general/AVD-KSV-0117/docs.md
+++ b/avd_docs/kubernetes/general/AVD-KSV-0117/docs.md
@@ -10,4 +10,6 @@ The ports which are lower than 1024 receive and transmit various sensitive and p
 ### Links
 - https://kubernetes.io/docs/concepts/security/pod-security-standards/
+- https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414
+
diff --git a/checks/kubernetes/pss/baseline/12_privileged_ports_binding.rego b/checks/kubernetes/pss/baseline/12_privileged_ports_binding.rego
index 43f6b41b..9ee098c9 100644
--- a/checks/kubernetes/pss/baseline/12_privileged_ports_binding.rego
+++ b/checks/kubernetes/pss/baseline/12_privileged_ports_binding.rego
@@ -6,10 +6,11 @@
 # - input: schema["kubernetes"]
 # related_resources:
 # - https://kubernetes.io/docs/concepts/security/pod-security-standards/
+# - https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414
 # custom:
 # id: KSV117
 # avd_id: AVD-KSV-0117
-# severity: HIGH
+# severity: MEDIUM
 # short_code: no-privilege-port-binding
 # recommended_action: "Do not map the container ports to privileged host ports when starting a container."
 # input:
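Review bot: The new `# severity: MEDIUM` line in 12_privileged_ports_binding.rego has no recorded rationale: the commit message only restates the change, and the added stigviewer reference is the only hint at where the new rating comes from. If the rating is meant to follow that STIG finding, say so in the commit body, for example `KSV117 now follows the severity of STIG finding V-242414`, so a later reader can tell this was a deliberate re-rating. The downgrade also changes results for anyone who filters or gates on HIGH and above, because privileged host-port findings will drop out of those reports, so it deserves a release-note entry. The METADATA comment block starts above and continues below this hunk, so the title and description that should agree with the new rating are not visible here.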